Threat actors have conducted a campaign relying on the RedLine stealer and targeting YouTube users.
The information comes from cybersecurity researchers at Kaspersky, who published an advisory about the campaign earlier today.
“Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers,” wrote Oleg Kupreev in the technical write-up.
“It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.”
According to the security expert, RedLine can steal usernames, passwords, cookies, bank card details and autofill data from Chromium- and Gecko-based browsers. It is also capable of obtaining data from crypto wallets, instant messengers and FTP/SSH/VPN clients, as well as files with particular extensions from infected devices.
The malware can reportedly download and run third-party software tools, execute commands in cmd.exe and open links via the default browser.
“The stealer spreads in various ways, including via malicious spam emails and third-party loaders,” Kupreev explained.
Further, in addition to the payload itself, Kaspersky identified that the discovered bundle had self-propagation functionality.
“Several files are responsible for this, which download videos and post them to the infected users’ YouTube channels along with the links to a password-protected archive with the bundle in the description,” the advisory reads.
“The videos advertise cheats and cracks and provide instructions on hacking popular games and software.”
From a technical standpoint, the bundle is a self-extracting RAR archive containing several malicious files, clean utilities and a script programmed to automatically run the unpacked contents.
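A self-extracting RAR archive is an ordinary Windows executable (the SFX stub) with the RAR archive appended after it, so a quick triage check for bundles of the kind described above is to look for a PE header at offset 0 followed by a RAR marker block further into the file. The script below is an added example written for this page, not Kaspersky's tooling; the file names and byte blobs it scans are constructed in memory so it runs offline, and the minimal MZ/PE header it builds is a stand-in for a real executable, not a loadable binary.

```python
"""Triage helper: flag PE files that carry an embedded RAR archive (the layout of a
WinRAR self-extracting archive). Added example; samples below are constructed, not real."""
import struct

# Marker prefix shared by RAR 4.x ('Rar!\x1a\x07\x00') and RAR 5.x ('Rar!\x1a\x07\x01\x00').
RAR_MARKER_PREFIX = b"Rar!\x1a\x07"


def is_pe(data: bytes) -> bool:
    """True if `data` starts with a DOS 'MZ' stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_rar_marker(data: bytes, start: int = 0):
    """Return (offset, major_version) of the first RAR marker block at or after `start`, else None."""
    idx = data.find(RAR_MARKER_PREFIX, start)
    while idx != -1:
        tail = data[idx + len(RAR_MARKER_PREFIX): idx + len(RAR_MARKER_PREFIX) + 2]
        if tail[:1] == b"\x00":          # RAR 4.x marker block
            return idx, 4
        if tail == b"\x01\x00":          # RAR 5.x signature
            return idx, 5
        idx = data.find(RAR_MARKER_PREFIX, idx + 1)
    return None


def classify(data: bytes) -> str:
    """Classify a blob as 'sfx-rar' (PE stub + appended archive), 'pe', 'rar' or 'other'."""
    pe = is_pe(data)
    hit = find_rar_marker(data)
    if pe and hit is not None and hit[0] > 0:   # archive appended after the executable stub
        return "sfx-rar"
    if pe:
        return "pe"
    if hit is not None and hit[0] == 0:          # plain archive starts with the marker
        return "rar"
    return "other"


def _fake_pe_stub(size: int = 0x200) -> bytes:
    """Constructed minimal MZ/PE header for this example only; it is not a runnable executable."""
    stub = bytearray(size)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)     # e_lfanew -> 'PE\0\0' at offset 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    return bytes(stub)


# Constructed sample set (hypothetical file names) covering the cases the classifier distinguishes.
SAMPLES = {
    "plain_tool.exe": _fake_pe_stub(),
    "cheat_bundle.exe": _fake_pe_stub() + b"Rar!\x1a\x07\x01\x00" + b"\x00" * 64,
    "archive.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 64,
    "readme.txt": b"just text, nothing to see here",
}


def triage(samples=SAMPLES) -> dict:
    """Map each sample name to its verdict; the SFX verdict is a triage signal, not proof of malice."""
    return {name: classify(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:18} {verdict}")
```

The verdict is a triage signal only: WinRAR SFX archives are a legitimate packaging format, and a benign executable could in principle contain the marker bytes by chance, so a hit should route the file to sandboxing or manual review rather than be treated as a detection on its own.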
Kaspersky said that the self-spreading bundle with RedLine is a prime example of stealer-type malware being distributed under the guise of game hacks.
“Cyber-criminals lure victims with advertisements for cracks and cheats, as well as instructions on how to hack games,” Kupreev said.
“At the same time, the self-propagation functionality is implemented using relatively unsophisticated software, such as a customized open-source stealer. All this is further evidence, if any were needed, that illegal software should be treated with extreme caution.”
The Kaspersky advisory comes days after a report by cybersecurity company Akamai suggested cyber-attacks in the gaming industry have increased by 167% in the past year.
As for the RedLine stealer, the tool was also spotted in a ModernLoader campaign uncovered by Cisco Talos last month.
Some parts of this article are sourced from:
www.infosecurity-journal.com